Classified document transmission control.



A method is disclosed for notifying both the source and intended
recipient of a classified electronic message transmitted via a
computer network of a delivery restriction imposed by an insufficient
classification level at the recipient's system. A required
classification level is transmitted by the source of a classified
electronic message in association with each classified electronic
message and an indication of each classified electronic message is
stored in an output log at the source system. Prior to permitting
delivery of a classified electronic message, the required
classification level is then compared to the classification level of
the intended recipient. Delivery of a classified electronic message is
automatically restricted in response to an insufficient classification
level at the recipient's system and a status message is then
transmitted to either or both the source and the intended recipient of
the classified electronic message. The recipient may be automatically
prompted to attempt to obtain a classification upgrade or forward the
message to an alternate recipient in response to such restriction.
Additionally, the method permits an undelivered message to be
destroyed by the source, the recipient, or the system in response to
the failure of delivery.
CLASSIFIED DOCUMENT TRANSMISSION CONTROL



DESCRIPTION 



This invention relates generally to classified document transmission
control in computer networks and provides the basis for providing
notification to both the source and recipient of classified electronic
messages which are undeliverable due to classification restrictions.

Electronic mail is rapidly supplanting Post Office mail as a means for
communicating between individuals. One significant advantage of
electronic mail is that the transmission time associated with each
electronic mail message is ordinarily only seconds, or fractions of a
second, as compared to Post Office mail which ordinarily requires
several days.

The mailing time associated with Post Office mail often causes
significant delay in the conduct of business and has been largely
ignored, and consequently tolerated, until the advent of Express Mail
services and electronic mail. Currently, this widespread delay of
business is identified as "float" and the minimising or eliminating of
this float has become one goal of business managers, efficiency
experts and others hoping to increase societal productivity.

The widespread use of electronic mail systems has given rise to a
problem of security. That is, the worrisome problem of delivering a
sensitive electronic mail message to the terminal of a third party
only to have that message intercepted and read by another due to a
lack of sufficient security at the recipient's terminal. Recently a
method has been proposed whereby the delivery of a classified message
will be automatically cancelled if the recipient's system profile does
not match a pre-established profile which has been transmitted with
the message. While this represents an enhancement over known
electronic mail systems by providing a system with the ability to
automatically proscribe the delivery of a classified message to a
recipient whose recipient profile does not match the pre-established
profile established by the source of the classified message, it does
not address the problem of how to proceed once delivery of a
classified message has been cancelled.

Thus, it should be obvious that a need exists for a method whereby the
delivery and receipt of sensitive electronic messages may be carefully
restricted and whereby the source and recipient of such electronic
messages may receive notification indicating the delivery or
non-delivery status of a classified message.

It is therefore an object of the present invention to provide an
improved electronic message system.

The present invention provides, in a computer network, a method for
automatically notifying the source of a classified electronic message
transmitted via the computer network of a delivery restriction imposed
by the classification level of the recipient, comprising the steps of:
transmitting a required classification level to be met by a valid
receiver in association with an electronic message to a selected
recipient via a computer network;
automatically comparing the transmitted required classification level
with the classification level of the selected recipient;
automatically restricting delivery of the electronic message to the
selected recipient in response to the failure of the classification
level of the selected recipient to meet or exceed the transmitted
required classification level; and
automatically transmitting the status of the delivery to the source.

Such an arrangement is thought to provide an improved electronic
message system which permits restriction of the delivery and receipt
of classified electronic messages while providing a notification to
both the source and recipient regarding the non-delivery of such
messages and can also be arranged to provide notification to a
designated third party in the event of such restriction.

In one arrangement of the present invention, a required classification
level is transmitted by the source of a classified electronic message
in association with each classified electronic message and an
indication of each such classified electronic message is stored in an
output log at the source system. Prior to permitting delivery of a
classified electronic message, the required classification level is
then compared to the classification level of the intended recipient.
Delivery of a classified electronic message is automatically
restricted in response to an insufficient classification level at the
recipient's system and a status message is then automatically
transmitted to either or both the source and the intended recipient of
the classified electronic message. It is preferred also to provide for
the transmittal of a status message to a designated third party, such
as a system operator. As disclosed, the receipt of a classified
message bearing a classification higher than that of the intended
recipient will cause the system to automatically prompt the intended
recipient to attempt to obtain a classification upgrade or to forward
the message to an alternate recipient bearing the proper
classification level. Additionally, the method of the present
invention permits an undelivered message to be destroyed by the
source, the recipient or the system in response to the failure of
delivery.

The present invention will be described further by way of example with
reference to an embodiment thereof as illustrated in the accompanying
drawings, in which:

Figure 1 depicts, in block diagram form, a Local Area Network (LAN)
which links multiple users in a system wherein electronic messages may
be transmitted;

Figure 2 depicts a logic flow chart illustrating the operations
performed in transmitting a message in the system; and

Figure 3, in sections A and B, is a logic flow chart illustrating the
operations involved at reception.

A Local Area Network (LAN) 10 is a self-contained computer network
linking a plurality of users. As is illustrated, Users A, B, C, and D
are each linked in Local Area Network (LAN) 10 and are capable of
freely communicating electronic messages between one another within
Local Area Network (LAN) 10. Those skilled in the art will appreciate
that while a Local Area Network (LAN) 10 is depicted in Figure 1, the
electronic message method disclosed herein may be used with other such
systems such as a plurality of interactive work stations which are
each coupled to a host computer.

The disclosed arrangement permits a transmitter to transmit a
classified electronic message to a particular recipient and
automatically generate notification messages to the recipient, a
designated third party, and the source system in the event that
delivery of the classified electronic message is not accomplished due
to an insufficient classification level at the recipient system. Some
of the activities involved can be thought of as taking place at
transmission or in a "transmission system" and some may be thought of
as occurring at reception or in a "reception system."

The transmission part of the disclosed operation is depicted in logic
flow chart form in Figure 2, while the counterpart reception operation
is depicted in logic flow chart form in Figure 3. Figure 2 and Figures
3A and 3B should be read together to fully understand the disclosed
arrangement whereby notification of the inability of a recipient to
receive a classified electronic message may be automatically
transmitted to designated parties. Additionally, each user depicted in
Figure 1 may consist of an individual, or a computer system, such as a
personal computer.

Referring now to Figure 2, the operation of the transmission system
will now be described, with occasional reference to Figure 1, for
purpose of exposition. As depicted in block 14, the operation is begun
by the selection of an electronic message for transmission at the
transmission system. Those skilled in the art will appreciate that the
selection of a particular message for transmission involves not only
the selection of the message content but also the specification of the
recipient or recipients for that particular message. Therefore, the
selection of a particular message for transmission, as depicted in
block 14, shall be assumed to include such specifications. Next, block
16 is used to illustrate whether or not the message selected for
transmission requires a particular classification level. If not, the
particular message selected by block 14 is transmitted via Local Area
Network (LAN) 10 (see Figure 1) in a manner well known in the art, as
illustrated in block 18.

In the event the electronic message selected for transmission as
illustrated in block 14 requires a classification level, as depicted
in block 16, then block 20 illustrates the setting of a particular
classification level. Those skilled in the art of electronic message
systems will appreciate that each individual establishment may
generate its own classification level system and that such systems may
differ in the number and priority of classifications which are
available. Next, an indication of the message and the classification
level selected is entered in the output log for the transmission
system, as illustrated in block 22. Thereafter, block 24 is used to
determine whether or not encryption is required. If no encryption is
desired, the message is transmitted via the network, as illustrated in
block 18. If, however, encryption is required, then block 26
illustrates the encryption of the classified electronic message, by
any technique known in the prior art, prior to transmission of the
message via the network, as illustrated in block 18.

With reference now to Figures 3A and 3B, there are depicted the
operations which take place at the recipient's system. This part of
the operation begins at the recipient's system with the receipt of a
particular message, as illustrated in block 30. Next, block 32 is used
to determine whether or not the electronic message received in block
30 is classified. If the message received is not classified, the
message is then placed in the recipient's in box, as illustrated in
block 34.

In the event the electronic message received at the recipient's system
is classified, then block 36 depicts the retrieval of the recipient's
classification, which, in the disclosed arrangement, is stored within
a recipient profile associated with each recipient within the network.

Next, block 38 illustrates a determination of whether or not the
classification level required by the message received at the
recipient's system is met by the recipient's classification level. If
the recipient possesses a suitable classification level to receive the
classified electronic message, then block 40 illustrates the
transmittal of an arrival notice back to the source of the classified
message and the placing of the message into the recipient's in box, as
illustrated in block 34.

In the event the recipient's classification level is not sufficiently
high to receive the classified electronic message received at the
recipient's system, then block 42 illustrates the placing of a denial
notification in the recipient's input log. Of course, those skilled in
the art will appreciate that such a denial notification may be
carefully crafted to indicate to the recipient that a classified
electronic message has arrived for which the recipient does not
possess a sufficiently high classification level. This may be done
simply and easily without indicating the nature of the classified
electronic message.

Next, block 44 depicts the transmittal of a non-delivery notice to the
source and any designated third parties. One important feature of the
disclosed arrangement is that the notification of non-delivery which
is automatically generated for the source of the classified electronic
message may also be directed automatically to the system operator or
any other designated third party. In this manner, the system may
establish suitable techniques for dealing with undelivered classified
electronic messages which are unique to a particular system without
the necessity of requiring that all systems using this method treat
undelivered classified electronic messages in the same manner.

As illustrated in block 46, the disclosed arrangement next prompts the
recipient to obtain a classification upgrade. In this manner, the
recipient may request and often receive a temporary or transactional
classification upgrade in order to allow him to receive and review a
particular classified electronic message. Block 48 then illustrates a
determination of whether or not the upgrade has been obtained and, if
so, block 40 illustrates the transmittal of an arrival notice to the
source. Next, the classified electronic message is placed in the
recipient's in box, as depicted in block 34.

In the event the recipient has not obtained a classification upgrade
suitable to permit him to review the classified electronic message
received, then block 50 illustrates the prompting of the recipient to
forward the message to an alternate recipient. For example, the
recipient may not possess a suitable classification level; however,
his manager may have such a classification level and forwarding of the
classified electronic message to the manager will permit communication
with the intended recipient to take place to the extent the manager
deems it necessary.

Block 52 now illustrates a determination of whether or not the
classified electronic message has been forwarded to an alternate
recipient. If so, block 54 illustrates a transmittal of a notice to
the source of the classified electronic message indicating that the
classified electronic message has been forwarded to an alternate
recipient. Thereafter, the process returns, as illustrated in block
56, to determine whether or not the alternate recipient designated by
the initial recipient possesses a sufficient classification level to
receive the message, as illustrated above.

In the event the recipient has declined to forward the classified
electronic message to an alternate recipient, as determined by block
52, then block 58 is used to determine whether or not the classified
electronic message should be destroyed. In the event destruction of
the classified electronic message is desired, block 60 may be used to
determine whether or not the system protocols require automatic
destruction of an undelivered classified electronic message. If so,
then block 62 illustrates the destruction of the classified electronic
message and a return to processing. If automatic destruction of a
classified electronic message is not desired, then block 64
illustrates the prompting of the source or recipient for a destruct
command. In this manner, the classified electronic message which may
not be delivered can be destroyed. Finally, in the event block 58
determines that it is not necessary to destroy the classified
electronic message, the process ends.
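
The reception flow of Figures 3A and 3B, together with the output log
of Figure 2, as an added Python sketch that is not part of the patent
text. The three-level ordering, the Msg and Network classes and the
ask_upgrade and ask_forward callbacks standing in for the recipient
prompts are assumptions, as are the forwarding-loop guard and the
treatment of a recipient with no profile as unclassified.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):          # assumed ordering; each site defines its own (block 20)
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

@dataclass
class Msg:
    id: str
    source: str
    body: str
    required: Level = Level.UNCLASSIFIED

@dataclass
class Network:
    profiles: dict                                   # recipient -> Level (block 36)
    third_parties: tuple = ("operator",)             # designated third parties (block 44)
    auto_destroy: bool = True                        # system protocol (block 60)
    inbox: dict = field(default_factory=dict)        # recipient -> [Msg]
    input_log: dict = field(default_factory=dict)    # recipient -> [denial notices]
    output_log: dict = field(default_factory=dict)   # msg id -> [required, status]
    notices: list = field(default_factory=list)      # (addressee, msg id, status)

    def _status(self, msg, status, also=()):
        self.output_log[msg.id][1] = status          # claim 3: status kept with the log entry
        for to in (msg.source, *also):
            self.notices.append((to, msg.id, status))

    def send(self, msg, to, ask_upgrade=lambda r, lvl: None, ask_forward=lambda r: None):
        if msg.required == Level.UNCLASSIFIED:       # blocks 16/32: no level needed
            self.inbox.setdefault(to, []).append(msg)
            return "delivered"
        self.output_log[msg.id] = [msg.required, "sent"]          # block 22
        tried = set()
        while to is not None and to not in tried:    # assumed guard against forwarding loops
            tried.add(to)
            have = self.profiles.get(to, Level.UNCLASSIFIED)      # no profile: fail closed
            if have < msg.required:
                # block 42: the denial notice names the level, never the content
                self.input_log.setdefault(to, []).append((msg.id, msg.required.name))
                self._status(msg, f"restricted:{to}", self.third_parties)  # block 44
                have = max(have, ask_upgrade(to, msg.required) or have)    # blocks 46/48
            if have >= msg.required:
                self._status(msg, f"arrived:{to}")                # block 40
                self.inbox.setdefault(to, []).append(msg)         # block 34
                return "delivered"
            to = ask_forward(to)                                  # blocks 50/52
            if to is not None:
                self._status(msg, f"forwarded:{to}")              # block 54, then block 56
        if self.auto_destroy:                                     # blocks 58 to 62
            msg.body = ""
            self._status(msg, "destroyed")
            return "destroyed"
        self._status(msg, "awaiting-destruct-command")            # block 64
        return "held"
```

An upgrade returned by ask_upgrade applies to that one delivery only
and is never written back to profiles, matching the temporary or
transactional upgrade the description mentions.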

As those skilled in the art will appreciate upon reference to the
foregoing specification, by using such an arrangement, there is
provided a technique whereby the non-delivery of a classified
electronic message due to the inability of the recipient to provide a
suitable classification level may automatically generate a
notification which will be transmitted to the source of the classified
electronic message, as well as to any designated third party within
the system. In this manner, users of may customise a protocol for
handling classified electronic messages within an individual system
which may accommodate almost any variation in techniques for handling
the delivery or non-delivery of classified electronic messages.
Co-pending application (AT9-88-034) relates to similar subject matter.



Claims

1. In a computer network, a method for automatically notifying the
source of a classified electronic message transmitted via the computer
network of a delivery restriction imposed by the classification level
of the recipient, comprising the steps of:
transmitting a required classification level to be met by a valid
receiver in association with an electronic message to a selected
recipient via a computer network;
automatically comparing the transmitted required classification level
with the classification level of the selected recipient;
automatically restricting delivery of the electronic message to the
selected recipient in response to the failure of the classification
level of the selected recipient to meet or exceed the transmitted
required classification level; and
automatically transmitting the status of the delivery to the source.

2. A method as claimed in Claim 1, further including storing an
indication of each transmitted electronic message along with the
required classification level at the source.

3. A method as claimed in Claim 2, further including storing the
transmitted status in association with the stored indication of each
transmitted electronic message.

4. A method as claimed in any preceding Claim, further including
automatically transmitting a notification of the delivery restriction
to the selected recipient in response to the automatic restriction of
delivery.

5. A method as claimed in Claim 4, further including the step of
prompting the selected recipient to request an increased
classification level in response to the automatic restriction of

6. A method as claimed in any preceding Claim, further including the
step of prompting the source to dispose of the electronic message in
response to the automatic restriction of delivery.

7. A method as claimed in any preceding Claim, further including the
step of automatically disposing of the electronic message in response
to the automatic restriction of delivery.

8. A method as claimed in Claim 4 or any Claim appendant thereto,
further including the step of prompting the selected recipient to
request transmittal of the electronic message to an alternate
recipient in response to the automatic restriction of delivery.
